var sha1=require('sha1');
var router=require('express').Router();
var checkNotLogin=require('../middlewares/check.js').checkNotLogin;
var User=require('../models/users');


// GET /signin 登录页
router.get('/',checkNotLogin,(req,res,next)=>{
    res.render('signin');
});

// POST /sigin 用户登录
router.post('/',checkNotLogin,(req,res,next)=>{
    var name=req.fields.name;
    var password=req.fields.password;

    User.getUserByName(name).then(user=>{
        // console.log('getUserByName:',name,user);
        if(!user){
            req.flash('error','用户不存在');
            return res.redirect('back');
        }

        if(sha1(password) !== user.password){
            req.flash('error','用户名或密码错误');
            return res.redirect('back');
        }

        req.flash('success','登录成功');
        delete user.password;
        req.session.user=user;
        res.redirect('/posts');

    }).catch(next);

});

module.exports=router;